upstream puppet-production {
    <% (upstream_servers).each do |server| %>
    server <%=server%>;
	<% end %>
}

server {
    listen 8140;
    server_name <%= puppet_master_hostname %> localhost;

    # PREVENTING 413 Request Entity Too Large errors
    client_max_body_size 256M;
    
    ssl                     on;
    ssl_session_timeout     20m;
    ssl_certificate         <%= hostcert %>;
    ssl_certificate_key     <%= hostprivkey %>;
    ssl_client_certificate  <%= localcacert %>;
    ssl_crl <%= cacrl %>;

    ssl_session_cache       shared:SSL:8m;
    
    ssl_verify_client       optional;

    root                    /tmp;


    location / {
       proxy_pass          http://puppet-production;
       proxy_redirect      off;
       proxy_set_header    Host             $host;
	   proxy_set_header    X-Real-IP        $remote_addr;
	   proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
       proxy_set_header    X-Client-Verify  $ssl_client_verify;
       proxy_set_header    X-Client-DN      $ssl_client_s_dn;
       proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
       proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
       proxy_read_timeout  2000;
    }
    
}
